IT Governance, risk management, and compliance or IT GRC is the umbrella term covering an organization's approach across these three areas: Governance, risk management, and compliance. IT-GRC includes enterprise GRC functions (workflow, data repository, regulatory mapping, etc) focused on IT specific needs. "Governance, Risk Management, and Compliance (GRC) are three pillars that work together for the purpose of assuring that an organization meets its objectives. Governance is the combination of processes established and executed by the board of directors that are reflected in the organization's structure and how it is managed and led toward achieving goals. Risk management is predicting and managing risks that could hinder the organization to achieve its objectives. Compliance with the company's policies and procedures, laws and regulations, strong and efficient governance is considered key to an organization's success."